[Sgooter]

I don't know whether any of my friends have an actual XP Home Edition CD, so I'll have to ask around to see what I can come up with.

Is there some alternative procedure we could use?

Thanks,
Sgooter

[Advertisements]

Sgooter, do you have a copy of the XP cd that came with your computer? Try the steps using that cd. Some manufacturers will ship computers with full XP install cds.

Matt

[Matt]

Sgooter, do you have a copy of the XP cd that came with your computer? Try the steps using that cd. Some manufacturers will ship computers with full XP install cds.

Matt

[Sgooter]

No luck Matt.
My wife's Sony PC does not come with any restore CDs. Instead the recovery process is stored internally on the hard drive.

Let me ask again an earlier question: When I ran ActiveScan last night, should I have also taken steps to disinfect/remove any of the problem files when prompted?
Since your instructions did not tell me to disinfect/remove the problem files, I did not do so. that is, I only ran the scan function of ActiveScan.

[Matt]

Sgooter, yes you could have had active scan assess what it found. But, by the way things are going, it wouldn't have been able to remove this. I am talking with people again about this, and I will have something posted for you as soon as possible.

Thanks,
Matt

[Sgooter]

Matt,
I must now sign off for the evening and will resume tomorrow evening.
In general terms where are you located? My impression is that you might be on the West Coast since we typically begin interacting after 9PM EST.

Thanks again.

[Matt]

Actually Sgooter, I am on the East Coast. I just usually don't get free time to log on until the evening. Hopefully we can have this resolved tomorrow.

Matt

[Matt]

Please print out these directions and follow them very carefully.

Ok, Sgooter, perhaps we can do this off the harddrive.

First you need to create a dummy file.
Using Windows Explorer, open the C:\windows\system32 directory. Right click an open space and go to New > Text Document.
When Notepad opens, go up to File > Save As. Click the drop-down box to change the "Save As Type" to "All Files".
Name the text file awtqp.old and save it in the system32 directory.
Close all windows and programs.

Reboot your computer, and continually tap F8 as if you were to boot into Safe Mode. But, instead when the menu comes up, see if there is an option for Recovery Console and if there is, choose it.

If it is not there, just reboot your computer back normally, and let me know. We will have to try something else.

You will be prompted for the Administrator password. If none was set, press enter.
You will be offered which installation to start, eg;
1. C:\Windows
Press 1 and enter.
You will arrive at a C:\Windows prompt.
Type:

cd c:\windows\system32

hit enter.

Now to remove any attributes from and delete the file, then rename the dummy.

Type and hit enter after each line.

attrib -r awtqp.dll
attrib -h awtqp.dll
attrib -s awtqp.dll
del awtqp.dll
rename awtqp.old awtqp.dll
exit

The machine will restart.

Run HiJackThis. Place a check next to the following items and click FIX CHECKED:

O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\system32\awtqp.dll
O20 - Winlogon Notify: awtqp - C:\WINDOWS\SYSTEM32\awtqp.dll

Close HijackThis.

Reboot and post a new HiJackThis log.

Matt

[Sgooter]

Matt,
Regarding a portion of your latest instructions:


"Reboot your computer, and continually tap F8 as if you were to boot into Safe Mode. But, instead when the menu comes up, see if there is an option for Recovery Console and if there is, choose it.

If it is not there, just reboot your computer back normally, and let me know. We will have to try something else.

You will be prompted for the Administrator password. If none was set, press enter.
You will be offered which installation to start, eg;
1. C:\Windows
Press 1 and enter.
You will arrive at a C:\Windows prompt.
Type:

cd c:\windows\system32

hit enter."

Are you certain that I need to enter the term cd before the c:\windows\system32 ?
My concern here is that I'm not using a Win XP CD-ROM in this case.

[Matt]

Sgooter, yes, cd doesn't refer to your CD drive in this case, it means "change directory".

Matt

[Sgooter]

Right after I sent you my stupid question, I remembered the DOS cd command for "change directory."
Sorry.

[Sgooter]

Matt,
I have rebooted the PC using the F8 key, and I do not see an option for Recovery Console, but I do see an option for Directory Services Restore Mode.

Again, this is a Sony desktop Vaio PC.

Your guidance?

[Sgooter]

Matt,
My wife's PC is still awaiting a decision on which mode to use, so I'm sending this reply to you from my PC.
I looked closer at the options to pick from on her PC, and the option I expressed earlier should be fully expressed as:
Directory Services Restore Mode (Windows domain controllers only).

[Matt]

Sgooter, that is not what we want. Reboot the computer normally, and follow these directions:

We're going to use a DOS Bootdisk instead of the recovery console.

Print these instructions out and make sure everything is entered exactly.

1. Locate a spare floppy disk, and insert it into the floppy drive.

2. Navigate to 'My Computer.' To do that, click Start -> My Computer

3. Once in the My Computer window, locate the 3 1/2 Floppy (A:) drive, and right-click it. From the appearing dialogue, select Format...

4. A new window should have come up. In that window, check the box next to the item reading 'Create an MS-DOS startup disk'.

5. Now, click the 'Start' button.

6. A warning will come up saying 'WARNING: Formatting will erase ALL data on this disk. To format the disk, click OK. To quit, click CANCEL.' Go ahead and click OK.

7. In a few moments, you will have a bootable MS-DOS startup disk. An alert box will pop up declaring a success with the message 'Format Complete'.

Now to the fix:

First you need to create a dummy file.
Using Windows Explorer, open the C:\windows\system32 directory. Right click an open space and go to New > Text Document.
When Notepad opens, go up to File > Save As. Click the drop-down box to change the "Save As Type" to "All Files".
Name the text file awtqp.old and save it in the system32 directory.
Close all windows and programs.
Insert the floppy disk into the drive.
The machine will need to have boot from floppy first enabled in the BIOS.
Reboot your computer, and wait for it to run from the floppy. Once booted, you should be in a DOS looking environment.

Type:

cd c:\windows\system32

hit enter.

Now to remove any attributes from and delete the file, then rename the dummy.

Type and hit enter after each line.

attrib -r awtqp.dll
attrib -h awtqp.dll
attrib -s awtqp.dll
del awtqp.dll
rename awtqp.old awtqp.dll
exit

The machine will restart or shut down. Once done so, remove the floppy, and boot your computer normally.

Run HiJackThis. Place a check next to the following items and click FIX CHECKED:

O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\system32\awtqp.dll
O20 - Winlogon Notify: awtqp - C:\WINDOWS\SYSTEM32\awtqp.dll

Close HijackThis.

Reboot and post a new HiJackThis log.

Matt

[Sgooter]

The PC booted from the boot floppy disk and eventually give an A:\ prompt.

When I type in cd c:\windows\system32, the result is:
Invalid drive specification

I've tried a couple of variations to changed the directory, but the result is sill: Invalid drive specification.
I have also tried to simply enter c:\, but again the same result.

Awaiting your guidance.

[Matt]

Ok Sgooter, we're going to test something else now

Please download http://www.atribune.org/test.zip

Once downloaded please unzip it to your desktop and run test.bat

When you run it you will be asked are you sure type y for yes and press enter.

• Open the VundoFix folder and doubleclick on KillVundo.bat
• You will first be presented with a warning.
  It should look like this
  

  VundoFix V2.15 by Atri
  By using VundoFix you agree that you are doing so at your own risk
  Press enter to continue....
  
  

  
  
• At this point press enter one time.
  
  
  
• Next you will see:
  

  Please Type in the filepath as instructed by the forum staff
  and then press enter:

  
  
  
• At this point please type the following file path (make sure to enter it exactly as below!):
  C:\WINDOWS\SYSTEM32\awtqp.dll
  
  
  
• Press Enter to continue with the fix.
  
  
  
• Next you will see:
  

  Please type in the second filepath as instructed by the forum
  staff then press enter:

• At this point please type the following file path (make sure to enter it exactly as below!):
  C:\WINDOWS\SYSTEM32\pqtwa.*
• Press Enter to continue with the fix.
• The fix will run then HijackThis will open, if it does not open automatically please open it manually.
• In HiJackThis, please place a check next to the following items and click FIX CHECKED:[list]
  
  O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\system32\awtqp.dll
  O20 - Winlogon Notify: awtqp - C:\WINDOWS\SYSTEM32\awtqp.dll
  
  

Now reboot your computer.

Then please post a new HiJackThis log and the vundofix.txt file from the vundofix folder into this topic.

Matt